Red Hat ENTERPRISE LINUX 4 System Administration Manual page 316

Chapter 32. Users and Groups
Option
-m <days>
-M <days>
-d <days>
-I <days>
-E <date>
-W <days>
Table 32.3. chage Command Line Options
Tip
If the chage command is followed directly by a username (with no options), it displays the
current password aging values and allows them to be changed.
You can configure a password to expire the first time a user logs in. This forces users to change
passwords the first time they log in.
Note
This process will not work if the user logs in using the SSH protocol.
1. Lock the user password — If the user does not exist, use the useradd command to create the
user account, but do not give it a password so that it remains locked.
If the password is already enabled, lock it with the command:
usermod -L username
2. Force immediate password expiration — Type the following command:
chage -d 0 username
This command sets the value for the date the password was last changed to the epoch (January
1, 1970). This value forces immediate password expiration no matter what password aging policy,
if any, is in place.
298
Description
Specifies the minimum number of days between which the user must
change passwords. If the value is 0, the password does not expire.
Specifies the maximum number of days for which the password is
valid. When the number of days specified by this option plus the
number of days specified with the -d option is less than the current
day, the user must change passwords before using the account.
Specifies the number of days since January 1, 1970 the password was
changed
Specifies the number of inactive days after the password expiration
before locking the account. If the value is 0, the account is not locked
after the password expires.
Specifies the date on which the account is locked, in the format YYYY-
MM-DD. Instead of the date, the number of days since January 1,
1970 can also be used.
Specifies the number of days before the password expiration date to
warn the user.